Policies are enforceable measures intended to promote appropriate and discourage inappropriate use relating to information technologies. They can be developed by governments, businesses, private groups or individuals. They normally consist of rules governing access to, or use of, information, hardware, software and networks. For example, a school policy on the use of IT would consist of each user signing an acceptable- use policy. It would also address unlawful access to the network through, for example, identity theft or using hacking software, and how these transgressions would be treated. Many websites also require users to agree to specific policies before allowing access to their services.Policies also affect the exchange of information, for example, by making it subject to copyright laws and raising people’s awareness of plagiarism. In general, policies can promote or restrict access, guide behaviour, require the fulfillment of certain conditions prior to or during use, or need to be developed to address unforeseen issues such as cyber-bullying.
Policies exist for the protection and guidance of the organisation and individuals by giving users ground rules for acceptable use of the equipment etc. so there are no misunderstandings. They should also provide guidelines
if, for example, misuse occurs. An AUP (Acceptable Use Policy) also demonstrates to potential funders that the organisation is professional in its approach to managing users.
Policies Framework Template
Introduction
General computer use
Email
Web & other online usage
Security
Training
Each of these points should be addressed when a policy is created
A guideline on how to set up a Policy
Initiate - discuss in team/staff/volunteer/management committee meetings etc.
Form working group (if appropriate) to draw up AUP
Use framework for consultation with users and gain feedback
Draft policy and circulate amongst working group for comment
Write up final policy
Publish and distribute
Publicise to people in organisation
Monitor and review annually
Key features that each IT policy should include
It should have a broad scope
It should be solid and not have any loopholes
Each member employee must sign it, can't be optional
How do we make people read the policies before agreeing to it?
hardly anyone reads the policies and privacy rights before agreeing to it, therefore there should be something in the guidelines that makes them stop and read.
Making thing bold or CAPITALIZED does not work anymore because people are already used to seeing these types of words.
How can policies be improved? Major ways to improve policies is to have strict penalty. Meaning if someone breaks a policy for example like breaking a laptop, then there should be strict penalty for it.
The person who broke a laptop, has to pay for a repair or new one.
Person should be penalized for approx. 1 month of no use of laptops.
Every policy should have some kind of penalty depending on the policy.
HL examples: http://www.bbc.com/news/technology-19675172 -- Facebook suspends its facial recognition tool when tagging photos. This is because of the stress they have been under from the European Union to follow the data protection act better
Notes:
IB Definition:
Policies are enforceable measures intended to promote appropriate and discourage inappropriate use
relating to information technologies. They can be developed by governments, businesses, private groups
or individuals. They normally consist of rules governing access to, or use of, information, hardware, software
and networks. For example, a school policy on the use of IT would consist of each user signing an acceptable-
use policy. It would also address unlawful access to the network through, for example, identity theft or using
hacking software, and how these transgressions would be treated. Many websites also require users to
agree to specific policies before allowing access to their services.Policies also affect the exchange of information,
for example, by making it subject to copyright laws and raising people’s awareness of plagiarism. In general,
policies can promote or restrict access, guide behaviour, require the fulfillment of certain conditions prior to or
during use, or need to be developed to address unforeseen issues such as cyber-bullying.
Example: The user policy at ISH
User+Policy+2011_2012.pdf
- Details
- Download
- 134 KB
Example: Facebook Data Policyhttps://www.facebook.com/about/privacy/your-info
Example: Youtube Copyright Policy
http://www.youtube.com/t/dmca_policy
http://www.youtube.com/t/retractions
Why Have Policies
Policies exist for the protection and guidance of the organisation and individuals by giving users ground rules
for acceptable use of the equipment etc. so there are no misunderstandings. They should also provide guidelines
if, for example, misuse occurs. An AUP (Acceptable Use Policy) also demonstrates to potential funders that the organisation isprofessional in its approach to managing users.
Policies Framework Template
Each of these points should be addressed when a policy is created
A guideline on how to set up a Policy
- Initiate - discuss in team/staff/volunteer/management committee meetings etc.
- Form working group (if appropriate) to draw up AUP
- Use framework for consultation with users and gain feedback
- Draft policy and circulate amongst working group for comment
- Write up final policy
- Publish and distribute
- Publicise to people in organisation
- Monitor and review annually
Key features that each IT policy should includeHow do we make people read the policies before agreeing to it?
- hardly anyone reads the policies and privacy rights before agreeing to it, therefore there should be something in the guidelines that makes them stop and read.
- Making thing bold or CAPITALIZED does not work anymore because people are already used to seeing these types of words.
- http://www.nbcnews.com/technology/technolog/life-too-short-read-privacy-policies-heres-statistical-proof-297399 (life's too short to read all the policies that pop up)
How can policies be improved?Major ways to improve policies is to have strict penalty. Meaning if someone breaks a policy for example like breaking a laptop, then there should be strict penalty for it.
- The person who broke a laptop, has to pay for a repair or new one.
- Person should be penalized for approx. 1 month of no use of laptops.
- Every policy should have some kind of penalty depending on the policy.
Linkshttp://www.ictknowledgebase.org.uk/acceptableusepolicy
http://www.ictknowledgebase.org.uk/index.php?id=123&faq_id=3
http://en.wikipedia.org/wiki/Policy
HL examples:
http://www.bbc.com/news/technology-19675172 -- Facebook suspends its facial recognition tool when tagging photos. This is because of the stress they have been under from the European Union to follow the data protection act better
Hyperlinks: